b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78

Analysis

max time kernel
139s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 17:36

Target

b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
Size

1.3MB
MD5

91c9e11202ae99d49655b7da583b665e
SHA1

366d62914102d0b4dcb729ff920e59535aa498b0
SHA256

b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78
SHA512

121e5abc2d0758cefadac7c404984df9f5a673f3149c7e4ae4c29dbd8cfb77dbdd407f624d57af47d7f10ae5dd504bbb11fb202ed764e415671ebd1e328695cc
SSDEEP

24576:kpyhP5RFFrSEyFPu8JR9ksaQFCLwbLflBP+:ryFPu8D9k5QELuLW

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2408 set thread context of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1684	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
1684	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
1684	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
1684	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
1684	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84
PID 2408 wrote to memory of 1684	2408	b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe	84

C:\Users\Admin\AppData\Local\Temp\b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
"C:\Users\Admin\AppData\Local\Temp\b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\b79cf406a2e2723ec56d704deaa0a5b5649018b06bbd2c5e59cba5c6db788f78.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1684

memory/1684-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1684-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1684-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1684-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1684-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download